A cybercriminal going by the alias ‘emo’ has posted the entire BreachForums v1 database, generated through the end of 2022, on Telegram, reportedly with the aim of allowing users to plug holes in their OPSEC (operational security).
As reported by BleepingComputer, emo started leaking data over the weekend, beginning with member data (member names, email addresses, and IP addresses) after they were banned from the current version of the forum.
They then released the rest, including a “massive amount” of additional data.
Sold by Pompompurin
“Here you will find the full BreachForum v1 database, all records up to November 29, 2022,” Emo posted on Telegram.
“This database contains everything: private messages, threads, payment logs, detailed IP logs for each user, and so on. Originally, I leaked the user table only to prevent it from being sold behind the scenes by BreachForum staff. However, now it has become clear that so many people have the database that it is inevitable that it will be leaked.”
“This gives everyone the opportunity to control their data and close the gaps in their OPSEC.”
The archive also appears to contain members’ hashed passwords, private messages, cryptocurrency wallets used to purchase forum credits, and every post ever made on the site. Cybersecurity researchers can use the messages to gain a better understanding of how threat actors operate and compromise networks, while the cryptocurrency wallet data could be used to tie specific ransomware payments to individual criminals.
Apparently the database was originally sold in July 2024 by the forum’s founder, Conor Fitzpatrick, aka Pompompurin.
In early January 2024, Fitzpatrick was sentenced to 20 years of supervised release for running the forum. For the first two years of his sentence, Fitzpatrick will be under home confinement with a GPS locator. He will also undergo mental health treatment, be banned from the internet for a year, and have monitoring software installed on his devices.